The following document is the recommended code of conduct for businesses engaging in consumer tracking. The document is non-binding and was created entirely by industry participants. It is reproduced here in full.

Best Practices: Recommended Code of Conduct for Consumer Tracking Methods

Summary:
While technology imposes few restrictions on data collection in retail settings, marketers should safeguard consumer privacy. This document provides recommendations to marketers on boundaries regarding consumer observations and how marketing insights should be used.

1. Introduction

Technological advances have made it effortless and inexpensive to track consumers in stores through surveillance cameras or other types of camera or recording media. On the one hand, there is huge demand to gather shopper insights in order to profitably market the right products to consumers and provide a hassle-free shopping experience. On the other hand, the ability to record and track a customer’s every move through the store, identify customers facially and demographically, and pinpoint where and what customers are looking at, picking up, and putting into their shopping carts through Observed Tracking Data (OTD) raises privacy issues and sends shivers down the spine of even the boldest marketer. While the federal government has recognized dangers in the realm of mobile marketing and healthcare and has passed laws to protect consumers in those areas, no such laws exist for data collection in retail settings.

Clearly, there is a need for guidelines on data gathering and storage so that consumers are protected and the ethical boundary is not crossed. For instance, it may be good business practice for marketers to track purchases through loyalty cards, or to track how many people paused before a certain display. However, it may not be acceptable to record and store facial data for marketing purposes without the consent of the customer. Consequently, this document was created to provide recommendations on collecting data in an ethical manner and to encourage marketers to consider ethical issues before collecting data. This document is not meant to be a replacement for federal and state laws; federal and state laws take precedence over this document and should always be consulted to ensure compliance.

2. Methods of OTD Collection

Before considering recommendations, it is important to categorize the different OTD collection mechanisms by the degree of privacy exposure they may create for the consumer. Once the level of risk is ascertained, measures can be taken to protect consumer privacy. There are three major levels of risk: low, medium, and high. Typically, low risk methods neither track consumers nor gather identifiable data. Medium risk methods gather tracking data but do not identify consumers. High risk methods identify customers in the process of tracking them.

2.1 – Low Risk OTD Collection Methods

Infrared or laser beam motion detectors

Sonar and other non-recording, sound-based motion detectors

Overhead path tracking systems that are capable of generating on-premise, aggregate “heat maps” of consumer presence, but are not able to track or record individual consumer paths.

2.2 – Medium Risk OTD Collection Methods

Overhead camera-based path tracking systems or “gaze tracking” systems that are able to track and/or record individual consumer paths, but do not uniquely or individually identify consumers.

Sensor-laden shopping carts that track and/or record individual consumer paths, but are not able to uniquely or individually identify consumers.

RFID or other wired or wireless tracking devices knowingly worn or carried by the consumer, or used on shopping carts and baskets to track consumer behavior, that are not able to personally or uniquely identify consumers.

Any method where information can be used to collect demographic or psychographic information, but cannot be used to individually or uniquely identify consumers.

2.3 – High Risk OTD Collection Methods

Any method capable of identifying consumers based on past purchases, loyalty card programs, or other behavioral patterns collected by OTD collection methods.

Any camera-based OTD system that collects and stores visual data.

Any method used to personally or uniquely identify consumers when combined with loyalty program data or 3rd party marketing data.

3. The Code of Conduct

The Code describes recommended practices for OTD collection and marketing activities in three categories: (1) Data Collection, Storage and Security; (2) Disclosure; and (3) Cross-Channel and Cross-Domain Marketing.

3.1. Data Collection, Storage and Security

OTD collection venues that house HIPAA covered entities (for example, a supermarket that contains a pharmacy) must adhere to all Federal laws governing the collection and use of marketing data in and around such sites. Typically, no OTD collection methods may be used in the HIPAA-covered areas themselves, and special care must be taken to ensure that no method that allows for the unique or individual identification of consumers is used to track consumer behavior near those areas. Visit www.hipaa.org to learn more.

OTD collection mechanisms capable of uniquely identifying a minor (i.e., a consumer under 13 years of age, or under the age set by state or local law) must not be used at the OTD collection site.

In no event should image, video or biometric data used to generate OTD be stored without an explicit consumer opt-in. Collecting image or biometric data for marketing purposes may violate Federal, state or local laws, including Federal Domestic Violence Laws. If collecting image or biometric data through OTD methods is allowed in a venue’s jurisdiction, the data should be retained for no more than 3 months, or for the maximum period allowed by law if that is shorter.

Using video or image data from surveillance, security, or loss-prevention systems for marketing may violate Federal, State and/or local laws, and is generally not recommended. If this practice is allowed by law, marketers must use computer systems and storage devices separate from those used to store the security/surveillance data. These computer systems and storage devices must be password protected, with passwords distinct from those used for the security/surveillance systems.

Any and all collected OTD that can be positively associated with a unique consumer should be treated as Non-Public Personal Information (NPPI) and must be stored on a sufficiently secure computer system, such as one that meets the Payment Card Industry Data Security Standard (PCI DSS) requirements applied to cardholder data. Any OTD that could potentially be misused to create public safety hazards must likewise be treated as NPPI and handled as described above.

It is a violation of Federal law to use certain types of marketing data (for example, demographic data) to offer special promotions to one group of consumers but not another. Marketing practices that make use of demographic or psychographic OTD must not be used to create promotions that vary the pricing or availability of an item or items, or that change the requirements for or availability of financing options, where applicable.

3.2. Disclosure

Marketers must provide a disclosure notice (the “Notice”) to consumers who may be monitored (intentionally or incidentally) by OTD activities.

The Notice should be easily understandable, unambiguous, and current. It should not contain any false or misleading information about the nature of the OTD collection methods or the intended use of any collected data.

The Notice should describe the OTD collection methods in effect and whether data collected via OTD methods will be combined with other data, including but not limited to register receipt information, credit card data, any other NPPI, or data collected by 3rd party and/or affiliate marketers.

The Notice should be posted in at least one location at each site where the OTD collection is taking place, preferably at every entrance.

The Notice itself must meet all ADA guidelines and must be free of obstructions that might inhibit visibility.

The Notice must contain information about all available opt-in and opt-out mechanisms, such as a toll-free telephone number that consumers can call to opt out.

When OTD requires the use of a consumer’s cell phone, mobile computing device, email messages, or SMS text messages, or links OTD data with a telephone number or Bluetooth device, marketers must also comply with the Mobile Marketing Association’s Global Code of Conduct, mobile marketing laws, the FTC Telemarketing Sales Rule, other FTC rules, and the National Do Not Call Registry.

3.3. Cross-Channel and Cross-Domain Marketing

Cross-channel OTD marketing occurs when data from multiple sources (in-store, catalog, online, and OTD) is combined with the intent of tracking a consumer across multiple properties, retail environments, or other public or private spaces.

Consumers should be made aware of the use of their OTD data and other marketing data in this way. Such information should be included in the Notice.

Cross-channel marketing is considered High Risk for OTD collection mechanisms. Therefore, consumers should opt in before data is combined in cross-domain ways. Furthermore, the consumer should opt in again each time he or she enters a new venue where the cross-domain OTD marketing program takes place.

Disclosure notices should be located at every OTD collection site participating in the program, and follow all other best practices for OTD data collection.

Disclosure notices for cross-domain OTD marketing programs must contain a complete list of all Marketers and other entities participating in the program (for OTD collection or other purposes), as well as a complete list of all OTD collection practices and the physical locations of the OTD collection devices.

4. Participation

This document is not a contract or legal document and is non-binding. However, adherence to the Code is strongly recommended to ensure that consumer privacy is safeguarded.
